7. ISATAP

ISATAP enables unicast communication between IPv6/IPv4 hosts
across the IPv4-only Internet. ISATAP works by encapsulating IPv6
packets with an IPv4 header so that the IPv6 packet can be sent over
an IPv4-only network. This approach is called IPv6-over-IPv4
tunneling, and ISATAP uses automatic tunneling that does
not require any manual configuration.

ISATAP addresses

ISATAP addresses are assigned by ISATAP hosts to their ISATAP
tunnel interfaces. An ISATAP address consists of a valid 64-bit
unicast address prefix and a 64-bit interface identifier. The
interface identify can be either ::0:5efe:w.x.y.z or
::200:5efe:w.x.y.z,where w.x.y.z is either a
private or public IPv4 address, respectively.

On Windows platforms, IPv6 automatically creates a separate
ISATAP tunneling interface for each LAN interface that has a unique
DNS suffix. A link-local ISATAP address is then automatically
configured on these ISATAP interfaces to enable IPv6 communication
over an IPv4-only network without the need of assigning global or
unique local ISATAP addresses to the interfaces.

In Windows Server 2012, you can use the Get-NetIPInterface
cmdlet to list the interfaces on the computer (the command output
has been truncated for display reasons):

ISATAP components

As shown in Figure 6, an ISATAP
infrastructure includes the following components:

ISATAP subnets An ISATAP
subnet is a portion of an IPv4-only network on which ISATAP will
be used for IPv6-over-IPv4 tunneling.

ISATAP hosts An ISATAP host
has an ISATAP tunneling interface, which it can use communicate
with other ISATAP hosts on the same ISATAP subnet. Windows
computers can function as ISATAP hosts using either link-local,
unique-local, or global ISATAP addresses.

ISATAP routers An ISATAP
router is used to enable communication between ISATAP hosts on
an ISATAP subnet and IPv6 hosts on an IPv6-capable network.
Computers running Windows Server 2012 can function as ISATAP
routers by configuring their LAN interfaces with appropriate
IPv6 addresses, routes, and other settings.

Figure 6. The components of an ISATAP deployment.

You can configure a Windows computer to use an ISATAP router
in the following ways:

By using Group Policy as shown in Figure 7

By using the Set-NetIsatapConfiguration cmdlet

By using the Netsh interface isatap set router
command

Figure 7. Group Policy settings for IPv6 transition
technologies.

Important

Scope of ISATAP deployment

Do not deploy ISATAP across your entire IPv4 network
infrastructure. Instead, enable it only on select computers within
your organization that need it.